-rw-r--r-- | ipalib/plugins/aci.py | 11 | ||||
-rw-r--r-- | ipalib/plugins/permission.py | 4 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 62 |
3 files changed, 70 insertions, 7 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index 7ace05eb4..4b85bc93c 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -122,6 +122,7 @@ from ipalib import api, crud, errors from ipalib import Object, Command from ipalib import Flag, Int, Str, StrEnum from ipalib.aci import ACI +from ipalib.dn import DN from ipalib import output from ipalib import _, ngettext if api.env.in_server and api.env.context in ['lite', 'server']: @@ -312,8 +313,10 @@ def _aci_to_kw(ldap, a, test=False): kw['attrs'] = tuple(kw['attrs']) if 'targetfilter' in a.target: target = a.target['targetfilter']['expression'] - if target.startswith('(memberOf') or target.startswith('memberOf'): - kw['memberof'] = unicode(target) + if target.startswith('(memberOf=') or target.startswith('memberOf='): + (junk, memberof) = target.split('memberOf=', 1) + memberof = DN(memberof) + kw['memberof'] = memberof['cn'] else: kw['filter'] = unicode(target) if 'target' in a.target: @@ -332,8 +335,8 @@ def _aci_to_kw(ldap, a, test=False): # targetgroup attr, otherwise we consider it a subtree if api.env.container_group in target: targetdn = unicode(target.replace('ldap:///','')) - (dn, entry_attrs) = ldap.get_entry(targetdn, ['cn']) - kw['targetgroup'] = entry_attrs['cn'][0] + target = DN(targetdn) + kw['targetgroup'] = target['cn'] else: kw['subtree'] = unicode(target) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index c48979f9d..e4d11f0d8 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -98,7 +98,7 @@ class permission(LDAPObject): 'memberindirect', 'ipapermissiontype', ] aci_attributes = ['group', 'permissions', 'attrs', 'type', - 'filter', 'subtree', 'targetgroup', + 'filter', 'subtree', 'targetgroup', 'memberof', ] attribute_members = { 'member': ['privilege'], 
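Review bot: In the memberOf branch of `_aci_to_kw` (aci.py), everything after `memberOf=` is handed to `DN()`, so when the filter matched the `'(memberOf='` alternative the closing `)` and any further filter terms become part of the parsed DN. Drop the trailing parenthesis before parsing, for example `if target.startswith('('): memberof = memberof[:-1]`. Both `memberof['cn']` here and `target['cn']` in the targetgroup hunk further down assume the DN carries a `cn` RDN. A failed lookup would presumably propagate out of every command that renders this ACI, so handle it and fall back to `kw['filter'] = unicode(target)` (or `kw['subtree']` in the second hunk). Reporting only the `cn` also discards the container, so groups with the same `cn` in different subtrees would display identically in an access-control listing, which deserves a comment. The body of `_aci_to_kw` starts and ends outside both hunks.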
@@ -338,7 +338,7 @@ class permission_mod(LDAPUpdate): result = self.api.Command.permission_show(cn, **options)['result'] for r in result: - if not r.startswith('member'): + if not r.startswith('member_'): entry_attrs[r] = result[r] return dn diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index a116a66ea..b0df80094 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -290,7 +290,7 @@ class test_permission(Declarative): dict( desc='Update %r' % permission1, command=( - 'permission_mod', [permission1], dict(permissions=u'read') + 'permission_mod', [permission1], dict(permissions=u'read', memberof=u'ipausers') ), expected=dict( value=permission1, @@ -301,6 +301,7 @@ class test_permission(Declarative): member_privilege=[privilege1], type=u'user', permissions=[u'read'], + memberof=u'ipausers', ), ), ), @@ -318,6 +319,7 @@ class test_permission(Declarative): 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'read'], + 'memberof': u'ipausers', }, ), ), @@ -347,6 +349,7 @@ class test_permission(Declarative): 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'read'], + 'memberof': u'ipausers', }, ), ), @@ -368,6 +371,7 @@ class test_permission(Declarative): 'member_privilege': [privilege1], 'type': u'user', 'permissions': [u'all'], + 'memberof': u'ipausers', }, ), ), 
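Review bot: In the loop over `result` in permission_mod, narrowing the prefix to `'member_'` lets `memberof` through as intended, but it also stops excluding any other key that merely begins with `member`. The class lists `memberindirect` among its attributes in the earlier permission.py hunk, so any `memberindirect_*` keys that permission_show returns would now be copied into `entry_attrs`. If that is not wanted, name both prefixes: `if not r.startswith(('member_', 'memberindirect_')):`. A one-line comment stating which keys are excluded and why would prevent the next edit from widening this again. The method starts outside the hunk.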
@@ -438,4 +442,60 @@ class test_permission(Declarative): ) ), + + dict( + desc='Create memberof permission %r' % permission1, + command=( + 'permission_add', [permission1], dict( + memberof=u'editors', + permissions=u'write', + ) + ), + expected=dict( + value=permission1, + summary=u'Added permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + objectclass=objectclasses.permission, + memberof=u'editors', + permissions=[u'write'], + ), + ), + ), + + + dict( + desc='Delete %r' % permission1, + command=('permission_del', [permission1], {}), + expected=dict( + result=dict(failed=u''), + value=permission1, + summary=u'Deleted permission "%s"' % permission1, + ) + ), + + + dict( + desc='Create targetgroup permission %r' % permission1, + command=( + 'permission_add', [permission1], dict( + targetgroup=u'editors', + permissions=u'write', + ) + ), + expected=dict( + value=permission1, + summary=u'Added permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + objectclass=objectclasses.permission, + targetgroup=u'editors', + permissions=[u'write'], + ), + ), + ), + + ] |
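Review bot: The added cases at the end of test_permission cover only the success path for `memberof` and `targetgroup`, both using the group `editors`. Nothing checks what permission_add does when the named group does not exist. For an access-control rule that matters, because a name that only resolves later would silently change which entries the rule covers. Consider adding a case with a nonexistent group name and the expected error. The final 'Create targetgroup permission' case also has no matching delete in the visible lines, though cleanup may be handled outside this hunk.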